Skip to content

Pull requests: github/codeql

New pull request New
402 Open 16,573 Closed
402 Open 16,573 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

Go: Remove global function step from local flow Go
#21721 opened Apr 16, 2026 by owen-mc Contributor Draft
py/tarslip: detect shutil.unpack_archive and subprocess tar extraction Python
#21720 opened Apr 16, 2026 by Copilot AI Draft
1
@hvitved
8
Python: support os.path.basename as a sanitizer in py/path-injection no-change-note-required This PR does not need a change note Python
#21719 opened Apr 16, 2026 by Copilot AI Loading…
1
@hvitved
6
Java: Add XXE sink model for Woodstox WstxInputFactory documentation Java
#21718 opened Apr 16, 2026 by chmodxxx Contributor Loading…
2
Bump rules_nodejs from 6.7.3 to 6.7.4 bazel Pull requests that update bazel code dependencies Pull requests that update a dependency file
#21717 opened Apr 16, 2026 by dependabot bot Loading…
Bump rules_shell from 0.7.1 to 0.8.0 bazel Pull requests that update bazel code dependencies Pull requests that update a dependency file
#21716 opened Apr 16, 2026 by dependabot bot Loading…
Improve actions/ql/src/Security/CWE-829/UntrustedCheckoutX queries Actions Analysis of GitHub Actions documentation
#21715 opened Apr 15, 2026 by knewbury01 Contributor Loading…
@knewbury01
10
Rust: Upgrade to rust-analyzer 0.328 Ruby Rust Pull requests that update Rust code
#21714 opened Apr 15, 2026 by tausbn Contributor Draft
11
Bump the cargo group across 1 directory with 2 updates dependencies Pull requests that update a dependency file
#21705 opened Apr 14, 2026 by dependabot bot Loading…
Bump pytest from 8.3.5 to 9.0.3 in /misc/codegen in the pip group across 1 directory dependencies Pull requests that update a dependency file
#21704 opened Apr 14, 2026 by dependabot bot Loading…
Rust: Refine implHasAmbiguousSiblingAt Rust Pull requests that update Rust code
#21703 opened Apr 13, 2026 by hvitved Contributor Draft
JS: Add support for @vercel/node serverless functions documentation JS
#21697 opened Apr 12, 2026 by murderteeth Loading…
12
Bump org.apache.logging.log4j:log4j-core from 2.14.1 to 2.25.4 in /java/ql/test/utils/flowtestcasegenerator in the maven group across 1 directory dependencies Pull requests that update a dependency file Java
#21696 opened Apr 10, 2026 by dependabot bot Loading…
Python: Add support for PEP-798 documentation Python
#21695 opened Apr 10, 2026 by tausbn Contributor Loading…
3
Add docs comment about deduplicating query rows documentation
#21693 opened Apr 10, 2026 by k4lizen Loading…
Extend actions/unpinned-tag to analyze composite action metadata (action.yml / action.yaml) Actions Analysis of GitHub Actions
#21692 opened Apr 10, 2026 by Copilot AI Draft
@oscarsj
1
Python: Port NonIteratorInForLoop.ql no-change-note-required This PR does not need a change note Python
#21688 opened Apr 9, 2026 by tausbn Contributor Draft
Python: Port InconsistentMRO.ql no-change-note-required This PR does not need a change note Python
#21687 opened Apr 9, 2026 by tausbn Contributor Draft
Python: Port HashedButNoHash.ql no-change-note-required This PR does not need a change note Python
#21686 opened Apr 9, 2026 by tausbn Contributor Draft
1
C#: Improve BMN feed checking & handling. C# documentation
#21684 opened Apr 9, 2026 by michaelnebel Contributor Loading…
14
Python: Port ContainsNonContainer.ql no-change-note-required This PR does not need a change note Python
#21680 opened Apr 9, 2026 by tausbn Contributor Draft
Actions: Add experimental queries for AI output validation CWE 1426 Actions Analysis of GitHub Actions documentation
#21678 opened Apr 9, 2026 by data-douser Contributor Draft
1
Bump buildifier_prebuilt from 6.4.0 to 8.5.1.2 bazel Pull requests that update bazel code dependencies Pull requests that update a dependency file
#21676 opened Apr 9, 2026 by dependabot bot Loading…
Actions: Add experimental prompt injection queries for CWE 1427 Actions Analysis of GitHub Actions documentation
#21675 opened Apr 9, 2026 by data-douser Contributor Draft
@mbaluda
2
Add extra source to actions CWE-094/CodeInjectionMedium Actions Analysis of GitHub Actions documentation
#21672 opened Apr 8, 2026 by knewbury01 Contributor Loading…
@knewbury01
3
ProTip! Type g i on any issue or pull request to go back to the issue listing page.